[wp-trac] [WordPress Trac] #63943: Post Passwords over 255 are not controlled in Quick Edit, nor reported Server Level.

WordPress Trac noreply at wordpress.org
Mon Sep 8 08:40:23 UTC 2025 

#63943: Post Passwords over 255 are not controlled in Quick Edit, nor reported
Server Level.
-------------------------------------------------+-------------------------
 Reporter:  SirLouen                             |       Owner:  rishabhwp
     Type:  defect (bug)                         |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Quick/Bulk Edit                      |     Version:  4.7
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests changes-    |     Focuses:
  requested report-upstream                      |
-------------------------------------------------+-------------------------

Comment (by rishabhwp):

 Thanks for reviewing the PR!

 > For the code review part: For the error section, I would set something
 like `invalid_post_password_length` to be more explicit. Also, you don't
 need to add the `Error:` in front of the sentence.

 I've updated the error code to `invalid_post_password_length` and removed
 the "Error:" prefix to make it more explicit.

 > For the test, try to keep it simpler and remove all the assertions that
 are not really straight to the point.

 I simplified the test. Now it only checks that passwords longer than 255
 characters return the right error. When you say ‘remove all the assertions
 that are not really straight to the point,’ do you mean the extra
 [https://github.com/WordPress/wordpress-develop/pull/9776/files#diff-
 5dd15d9d65b0adfe47363eba0aff5f2e9bfc594ea4a3bafcc21ad6c9d7b4793eR1346-R1347
 asserts in the PR]?


 > But are you completely sure there are no other tests already checking
 the validity of a `post_password`?

 I did check and found there's a `test_post_password()` function in
 [https://github.com/WordPress/wordpress-
 develop/blob/trunk/tests/phpunit/tests/query/results.php#L1061
 results.php], but it only tests password-protected post queries, not the
 validation logic itself. The `_wp_translate_postdata()` function didn't
 have any existing password length validation tests, so this new test is
 covering a gap in the test suite.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63943#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list